According to the Incident Response Report from Unit 42, the research arm of Palo Alto Networks, one in five (21%) ransomware criminals renege on their word after the ransom is paid.

Unit 42 analyzed more than 1,200 cyber incidents over the past 2.5 years. The experts recommend never paying a ransom except in exceptional cases. This only makes cybercriminals richer and gives them the opportunity to create even more victims.

Victims of ransomware are often put under so much pressure that they have no choice but to agree and pay. In just two years, the number of harassment cases rose from less than 1 percent in 2021 to over 27 percent last year. Victims are exposed, for example, on blogs or social media. Hackers sometimes even go so far as to have a bouquet of flowers delivered to the company’s CEO.

Fortunately, the report isn’t all bad news. While hackers demand more and more money, an average of $695,000 in 2023, companies are paying less and less. The average ransom paid last year was $237,500, while in 2022 it was $350,000. According to Unit 42, negotiations are worth it. The researchers see a direct connection between the length of the negotiation and the amount ultimately paid.

Phishing is no longer the holy grail

Another notable observation: Phishing is no longer the holy grail of invasion tactics. While in 2022 one in three attacks (34%) was due to phishing, last year it was less than one in five (17%). In 2023, unpatched vulnerabilities will dominate: almost 4 out of 10 (38.6%) attacks last year occurred via a software vulnerability.

In second place we find compromised passwords (21%), which are often traded on marketplaces. UNIT 42 therefore recommends creating unique passwords for each individual website or application.

So far, Unit 42 researchers have found no evidence of malware developed entirely by AI. Hackers use it primarily as a tool to supplement code and thus carry out attacks faster and more cost-effectively. In addition, the research arm warns of possible hacks of AI tools themselves, through which information from the language models can be manipulated.